On September 3, 2021, Netgear issued patches for three authentication bypass vulnerabilities impacting several of its smart switches. The vulnerabilities have been dubbed Demon’s Cries, Draconian Fear, and Seventh Inferno and allow for complete takeover of the affected devices.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Although ransomware incidents persistently make international headlines, Business Email Compromise (BEC) is still a global menace and may become more difficult to detect. In 2020, BEC cost U.S. businesses $1.8 billion and represented 43 percent of all cybercrime losses for the year. Researchers at the cybersecurity firm Intel 471 recently observed actors on multiple cybercrime forums seeking partnerships with other criminals to engage in BEC attacks.
No one plans on compounding deferred patches, but when error messages are confounding, we often move on to seemingly more immediate (and less frustrating) fires. This initial patch deferment often lasts months, or even years until the device is either compromised or replaced (often due to end-of-life). For instance, several events this year have highlighted the significant vulnerabilities affecting unpatched Microsoft Exchange Servers and the subsequent risk that presents to the system or an entire network.
While there seems to be interest in the OT/ICS cyber threat landscape, it’s truly a challenge to paint an accurate picture when organizations don’t report incidents – it’s like trying to paint a beautiful sunset with only black and white. Nonetheless, some organizations develop surveys with questions believed to capture the perceived issues and challenges in order to at least cover the broad strokes. The latest such survey report comes from the SANS Institute, for which 480 of your OT/ICS peers have spoken – A SANS 2021 Survey: OT/ICS Cybersecurity.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Pardon the reprise of a similar holiday-themed post from last year, Don’t Let Ransomware Steal Your Independence (Day), but if the shoe (and the sentiment) fits…
Bad Practice #3 – Use of Single-Factor Authentication (SFA)
Another vulnerability associated with Microsoft Exchange Server has been disclosed. The flaw, dubbed “ProxyToken,” allows remote attackers to bypass authentication and alter an Exchange email server’s backend configuration. This vulnerability could be exploited by a threat actor to copy all emails sent to a specified target account and then forward those emails to a separate account controlled by the attacker.
Users are not the only ones to suffer from password re-use across multiple sites, services, or devices. Unfortunately, many system administrators use the same passwords for local administrator access across all workstations for ease of technical support. But what’s good for the sysadmin, is also good for the threat actor who gains access to password hashes. Pen Test Partners (PTP) briefly discusses the issues with admin password re-use and suggests a more secure solution than using the same local admin password across all workstations.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
